light bulb

Did You Know?



Reply
Highlighted
Posts: 6,079
Topics: 4,020
Kudos: 7,793
Registered: ‎06-12-2013

Only a few days old, OpenSSL fork LibreSSL is declared “unsafe for Linux”

Researcher uncovers "catastrophic failure" in random number generation.

by Dan Goodin - July 15 2014

 

LibreSSL

 

The first "preview" release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux.

The problem resides in the pseudo random number generator (PRNG) that LibreSSL relies on to create keys that can't be guessed even when an attacker uses extremely fast computers. When done correctly, the pool of numbers supplied is so vast that the output will almost never be repeated in subsequent requests, and there should be no way for adversaries to accurately predict which numbers are more likely than others to be chosen. Generators that don't produce an extremely large pool of truly random numbers can undermine an otherwise robust encryption scheme. The Dual EC_DRBG influenced by the National Security Agency and used by default in RSA's BSAFE toolkit, for instance, is reportedly so predictable that it can undermine the security of applications that rely on it.

 

Full Article

Sr. Community Leader

Posts: 6,079
Topics: 4,020
Kudos: 7,793
Registered: ‎06-12-2013

‘Overblown’ LibreSSL PRNG Vulnerability Patched

by Michael Mimoso July 16, 2014

 

The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG).

The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a “catastrophic failure of the PRNG.”

OpenBSD founder Theo de Raadt and developer Bob Beck, however, countered saying that the issue is “overblown” because Ayer’s test program is unrealistic. Ayer’s test program, when linked to LibreSSL and made two different calls to the PRNG, returned the exact same data both times.

 

Full Article

Sr. Community Leader